Nokia: Smartphone Malware Infections Increased 96% in H1 2016

The rate of smartphone malware infections skyrocketed 96 percent in the first half of 2016, jumping from .25 percent of devices in 2015 to .49 percent in the January to June period, Nokia’s new Threat Intelligence Report said.

According to the report, mobile infections peaked at a record-high of 1.06 percent in April. Cell phones were the main target for these threats, with smartphones accounting for 78 percent of infections detected on mobile networks, Nokia found. In April, Nokia said one out of every 120 smartphones had some type of malware infection.

However, infection rates on fixed residential networks also rose from an average of 11 percent in late 2015 to 12 percent in the first half of this year. Nokia said most residential infections primarily come from malware on Windows computers in the home, but also include infected smartphone’s using domestic Wi-FI.

Among smartphones, the report found Android devices remained the primary target. Nokia found nearly three-quarters of malware infections occurred on Android devices, compared to 22 percent on Windows or PC devices and 4 percent on other platforms including Apple’s iOS.

Nokia also found Android devices are facing an increasing number of threats. The report found 8.9 million Android malware samples in the July 2016, up from 5.1 million in December 2015.

“Today attackers are targeting a broader range of applications and platforms, including popular mobile games and new IoT devices, and developing more sophisticated and destructive forms of malware,” head of the Nokia Threat Intelligence Lab Kevin McNamee said.

Across all devices, three mobile threats – Uapush.A, Kasandra.B and SMSTracker – accounted for 47 percent of all detected mobile infections.

According to Nokia, Uapush.A is an Android adware Trojan that is capable of sending SMS messages and stealing personal information. Kasandra.B is another Trojan that looks like Kaspersky’s Mobile Security app and gives an attacker access to private information like SMS messages, contacts, call logs, location data and browsing history. SMS Tracker is a spy app that “provides a complete phone tracking and monitoring system,” including access to messages, voice calls, location data and browser history, Nokia said.

Nokia said those three threats have been circulating since last year, but bumped up their activity in the first half of this year. Conversely, threats from iOS’ XcodeGhost malware declined, but still accounted for 2.07 percent of infections.

Nokia said it also saw a rise in more sophisticated malware, specifically malware that attempts to root a device to gain permanent and complete access. Samples of this kind of malware on Android include HummingBad, Viking Horde and GhostPush. Known apps infected by Viking Horde include Viking Jump, Wifi Plus, Memory Booster and Parrot Copter.

Nokia’s report comes out in the wake of a recently revealed iOS spyware exploit that has been used by governments to monitor dissidents and journalists.

Discovered by the University of Toronto’s Citizen Lab and Lookout, the three-pronged exploit chain allows an attacker to remotely jailbreak a user’s iPhone and install spyware capable of accessing the device’s camera, microphone, location information, calls and messages. The chain is triggered when a user visits a malicious website either on their own or by clicking a link sent to them via text message.

Apple has already released a patch for the vulnerabilities in its iOS 9.3.5 update.